| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
| |
Fix build by adding missing macros.
The patch is taken from:
https://lists.openembedded.org/g/openembedded-core/message/161168
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ruby uses extensions (.so files) that might also depend on other
libraries. When the linker builds an executable, it will refer to the
path it found the library, including those in the stagging dir. However,
when it links a shared library (like ruby exts), it will let that
dependency to be resolved at runtime.
During host and target build, ruby build script runs ruby scripts. When
it loads a ext that depends on another library, it will, by default,
look for the system libraries to satisfy that, breaking the build when
it fails. Setting LD_LIBRARY_PATH to the stagging lib dir is a valid
workaround.
Ruby can also be built statically linking all exts into ruby executable.
That will make the linker point to the stagging library path, fixing the
issue. It was used in the past but, at some point, ruby broke it. Now it
is working as expected.
Closes #20839
While at it, clean up excluded extensions not used by host ruby.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This release includes security fixes. Please check the topics below for
details.
- CVE-2023-28755: ReDoS vulnerability in URI
- CVE-2023-28756: ReDoS vulnerability in Time
See https://github.com/ruby/ruby/releases/tag/v3_2_2 for further details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ruby 3.2 changes include:
* WASI based WebAssembly support
* Production-ready YJIT
* Regexp improvements against ReDoS
See: https://www.ruby-lang.org/en/news/2022/12/25/ruby-3-2-0-released/
Ruby 3.2.1 changes includes:
* Bugfixes
See: https://www.ruby-lang.org/en/news/2023/02/08/ruby-3-2-1-released/
Package-related changes are:
* libyaml is no longer bundled, requiring OpenWrt to build it as a host
library for ruby/host.
* Added sub-packages:
- ruby-mjit: files for mJIT, although disabled during build
- ruby-syntax_suggest: finds missing ends
* Backported patches dropped:
- 001-fix-build-with-libressl-3.5.patch
- 002-fix-operator-precedence.patch
* Usual dependencies adjustments
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This release includes a security fix.
- CVE-2021-33621: HTTP response splitting in CGI
For more details:
- https://www.ruby-lang.org/en/news/2022/11/24/ruby-3-1-3-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ruby 3.1.0 major changes:
- YJIT: New experimental in-process JIT compiler
- debug gem: A new debugger
- error_highlight: Fine-grained error location in backtrace
- IRB Autocomplete and Documentation Display
- Many more. See:
https://www.ruby-lang.org/en/news/2021/12/25/ruby-3-1-0-released/
Ruby 3.1.1 changes:
- Many non-security bug fixes. See:
https://www.ruby-lang.org/en/news/2022/02/18/ruby-3-1-1-released/
Ruby 3.1.2 changes:
- CVE-2022-28738: Double free in Regexp compilation
- CVE-2022-28739: Buffer overrun in String-to-Float conversion
Packaging changes:
- Dropped 100-musl.patch (upstream fix)
- Added: ruby-error_highlight, ruby-random_formatter,
ruby-ruby2_keywords
- Removed: ruby-dbm, ruby-gdbm, ruby-fiber, ruby-gdbm, ruby-tracer
- ruby_find_pkgsdeps script:
* cleaned some ignored and weak dependencies
- ruby_missingfiles script:
* fix the example cmdline
* let diff use all terminal columns
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
1. ruby/host build fails on macos due to Apple ld generates warning
if a folder from LDFLAGS is not exist. configure script catches this
warning and fails. This patch disables ld warnings for macos
2. ruby build fails on macos due /bin/true is not exist on macos.
This patch replaces /bin/true with true in OpenWrt Makefile
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
|
| |
|
|
|
|
| |
* fixes CVE-2021-41817, CVE-2021-41816 and CVE-2021-41819
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
|
| |
|
|
|
|
|
|
|
|
| |
This release fixes some bugs and these vulnerabilities:
* CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
* CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
* CVE-2021-31799: A command injection vulnerability in RDoc
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes two CVEs:
CVE-2021-28965: XML round-trip vulnerability in REXML
CVE-2021-28966: Path traversal in Tempfile on Windows
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release goal is performance, concurrency, and typing. See details
in https://www.ruby-lang.org/en/news/2020/12/25/ruby-3-0-0-released/
New subpackages (reflect of mostly complete upstream ruby gemification)
- ruby-abbrev (from ruby-misc)
- ruby-base64 (from ruby-misc)
- ruby-coverage (from ruby-misc)
- ruby-continuation (from ruby-misc)
- ruby-debug (from ruby-debuglib)
- ruby-english (from ruby-misc)
- ruby-expect (from ruby-misc)
- ruby-fiber (from ruby-misc)
- ruby-find (from ruby-filelib)
- ruby-io-nonblock (from ruby-multithread)
- ruby-io-wait (from ruby-multithread)
- ruby-monitor (from ruby-multithread)
- ruby-net-ftp (from ruby-net)
- ruby-net-http (from ruby-net)
- ruby-net-imap (from ruby-net)
- ruby-net-pop (from ruby-net)
- ruby-net-protocol (from ruby-net)
- ruby-objspace (from ruby-debuglib)
- ruby-open-uri (from ruby-net)
- ruby-pathname (from ruby-filelib)
- ruby-pp (from ruby-prettyprint)
- ruby-pty (from ruby-misc)
- ruby-rbs (NEW)
- ruby-resolv (from ruby-socket)
- ruby-resolv-replace (from ruby-socket)
- ruby-securerandom (from ruby-misc)
- ruby-set (from ruby-misc)
- ruby-shellwords (from ruby-misc)
- ruby-syslog (from ruby-logger)
- ruby-tempfile (from ruby-filelib)
- ruby-tmpdir (from ruby-filelib)
- ruby-tsort (from ruby-misc)
- ruby-typeprof (NEW)
- ruby-un (from ruby-mkmf)
- ruby-weakref (from ruby-misc)
Removed subpackages
- ruby-debuglib (split into ruby-debug,ruby-objspace)
- ruby-filelib (split into ruby-find,ruby-pathname,ruby-tempfile,ruby-tmpdir)
- ruby-misc (split into ruby-abbrev,ruby-base64,ruby-continuation,
ruby-coverage,ruby-english,ruby-expect,ruby-fiber,ruby-securerandom,
ruby-set,ruby-shellwords,ruby-tsort,ruby-weakref)
- ruby-multithread (split into ruby-io-nonblock,ruby-io-wait,ruby-monitor)
- ruby-net (split into ruby-net-ftp,ruby-net-http,ruby-net-imap,ruby-net-pop,
ruby-net-protocol,ruby-open-uri)
- ruby-net-telnet (removed upstream)
- ruby-sdbm (removed upstream)
- ruby-webrick (removed upstream)
- ruby-xmlrpc (removed upstream)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release contains intentional incompatibility. Deprecation warnings are
off by default on 2.7.2 and later. You can turn on deprecation warnings by
specifying the -w or -W:deprecated option at the command-line. Please check
the topics below for details.
* Feature #17000 2.7.2 turns off deprecation warnings by default
* Feature #16345 Don’t emit deprecation warnings by default.
This release contains the new version of webrick with a security fix described in the article.
* CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in WEBrick
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New subpackages (reflect of ongoing ruby gemification)
- ruby-benchmark (from ruby-debuglib)
- ruby-delegate (from ruby-misc)
- ruby-getoptlong (from ruby-misc)
- ruby-net-pop (from ruby-net)
- ruby-net-imap (from ruby-net)
- ruby-observer (from ruby-patterns, now gone)
- ruby-open3 (from ruby-misc)
- ruby-readline-ext (was ruby-readline, while ruby-readline now selects either
ruby-readline-ext or ruby-reline)
- ruby-reline (alternative to ruby-readline-ext as pure ruby)
- ruby-singleton (from ruby-patterns, now gone)
- ruby-timeout (from ruby-multithread)
Dropped subpackages:
- ruby-cmath (gone in 2.7.0)
- ruby-e2mmap (gone in 2.7.0)
- ruby-patterns (splitted into ruby-observer, ruby-singleton)
- ruby-scanf (gone in 2.7.0)
- ruby-shell (gone in 2.7.0)
- ruby-sync (gone in 2.7.0)
- ruby-thwait (gone in 2.7.0)
Ruby 2.7.0 also dropped profile.rb and profiler.rb (they were in ruby-debuglib)
Patches changes:
- Dropped patch 001_fix_isnan_isinf_finite_with_uclibc.patch (now in release)
- Added 100-musl.patch, fixing mainly coroutine implementation selection
Helper scripts changes:
- ruby_missingfiles: do not ignore ruby-dev files
- ruby_find_pkgsdeps: better detect circular dependencies
Ruby 2.7.1 fixes these security issues:
* CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This activates following extensions:
* io/nonblock
* io/wait
* openssl
* pathname
* ipper
* socket
* zlib
zlib and socket are required for gem so they should be just enabled
because otherwise it does not make sense to provide host gem at all.
The rest of extensions are activated to support compass.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
|
| |
|
|
| |
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2.6.5 fixes:
* CVE-2019-16255: A code injection vulnerability of Shell#[] and Shell#test
* CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
* CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and File.fnmatch?
* CVE-2019-16201: Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication
2.6.4 fixes:
* Multiple jQuery vulnerabilities in RDoc
Changelog: https://github.com/ruby/ruby/compare/v2_6_3...v2_6_5
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
| |
Bug fixes and support for New Japanese Era.
See: https://www.ruby-lang.org/en/news/2019/04/17/ruby-2-6-3-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Bug fixes and a security update of the bundled RubyGems:
CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See: https://www.ruby-lang.org/en/news/2019/01/30/ruby-2-6-1-released/
See: https://www.ruby-lang.org/en/news/2018/12/25/ruby-2-6-0-released/
New packages mirroring upstream gemification of ruby:
* ruby-bundler (new)
* ruby-e2mmap and ruby-ostruct (from ruby-misc)
* ruby-forwardable (from ruby-patterns)
* ruby-matrix and ruby-prime (from removed ruby-math)
* ruby-mutex_m, ruby-sync and ruby-thwait (from ruby-multithread)
* ruby-tracer (from ruby-debuglib)
Added ruby-dev for building extension inside openwrt (requires cc)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix only release, including:
* CVE-2018-16396: Tainted flags are not propagated in Array#pack
and String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
correctly
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
| |
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release includes some bug fixes and some security fixes.
* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems
There are also some bug fixes.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
2.5.0 introduces many new features and performance improvements.
See: https://www.ruby-lang.org/en/news/2017/12/25/ruby-2-5-0-released/
Packaging changes:
* As date was promoted into a gem, ruby-datetime
was splitted into ruby-date and ruby-time
* New packages for gemified stdlib files:
- ruby-cmath (from ruby-math)
- ruby-date (from ruby-datetime)
- ruby-etc (from ruby-misc)
- ruby-fcntl (from ruby-misc)
- ruby-fileutils (from ruby-filelib)
- ruby-ipaddr (from ruby-socket)
- ruby-scanf (from ruby-misc)
- ruby-stringio (from ruby-misc)
- ruby-strscan (from ruby-misc)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
| |
This release includes some bug fixes and a security fix.
CVE-2017-17405: Command injection vulnerability in Net::FTP
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release contains some security fixes.
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Multiple vulnerabilities in RubyGems
Update bundled libyaml to version 0.1.7.
And many other bugfix.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
| |
It will save about 2M of download. Thanks @diizzyy.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
| |
This releases contains only bug and security fixes,
mostly backported from devel branch.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
There might be no ABI breakage when the first two number
of version are the same.
(No change on generated packages. No need to bumb release)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$(STAGING_DIR_HOSTPKG)
As both LEDE and OpenWrt have STAGING_DIR_HOSTPKG now, we can start to rely
on it. See 73b7f55424de52d8179a9ad808252fe3bf8dcc9d for more information on
STAGING_DIR_HOSTPKG.
STAGING_DIR_HOSTPKG won't actually be changed before the first LEDE release
(it is equivalent to $(STAGING_DIR)/host), so this simple search/replace
cleanup is safe to apply. Doing this cleanup now will be useful for the
Gluon project (an OpenWrt/LEDE based firmware framework) for experimenting
with modifying STAGING_DIR_HOSTPKG before doing this in the LEDE upstream.
Also fixes a typo in the dbus Makefile ("STAGIND_DIR").
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a stable feature release.
Notable changes:
- Introduce hash table improvement (by Vladimir Makarov)
- Binding#irb: Start a REPL session similar to binding.pry
- Unify Fixnum and Bignum into Integer
- String supports Unicode case mappings
- Performance improvements
- Thread#report_on_exception and Thread.report_on_exception changes
- Thread deadlock detection now shows threads with their backtrace and dependency
- Support OpenSSL 1.1.0 (drop support for 0.9.7 or prior)
- ext/tk is now removed from stdlib Feature #8539
- XMLRPC is now removed from stdlib Feature #12160
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This release contains a bug fix about Refinements and Module#prepend.
The mixture use of Module#refine and Module#prepend to the same Class
could cause unexpected NoMethodError. This is a regression on Ruby 2.3.2
released last week. See [Bug #12920] for details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
This release contains update of RubyGems 2.5.2 and update of included ssl certificates.
There are many bugfixes too. See the http://svn.ruby-lang.org/repos/ruby/tags/v2_3_2/ChangeLog
for details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
| |
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
| |
Signed-off-by: Stefan Weil <sw@weilnetz.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
New feature release for ruby.More info:
https://www.ruby-lang.org/en/news/2015/12/25/ruby-2-3-0-released/
Patches changes:
(-) 001-rdoc-remove_gems_dep.patch was merged
(+) 001-acinclude.m4_rename_aclocal.m4.patch backported from upstream.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ruby subpackages now are generated by a macro. This reduces the
Makefile size by half and the chance of errors.
No change in packages contents, install-size or dependencies, except
for some removed doc files.
Improved ruby_missingfiles and ruby_find_pkgsdeps script
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release includes a security fix for Fiddle extension.
* CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL
There are also some bugfixes.
In package, now LD_FLAGS is copied to DLD_FLAGS (used by ruby for libraries).
The missing values from LD_FLAGS cause build error when gcc does not implicitly
include staging/usr/lib.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is a bug and security fix release, including:
- CVE-2015-3900 Request hijacking vulnerability in RubyGems 2.4.6 and earlier
http://svn.ruby-lang.org/repos/ruby/tags/v2_2_3/ChangeLog
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
| |
Signed-off-by: Alexander Ryzhov <openwrt@ryzhov-al.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libyaml is an optional dep for ruby psych. When missing, it uses
a bundled version of yaml. However, when libyaml is present in
openwrt build, ruby-psych packaging failed with deps not declared.
Now libyaml is configured as a hard dep for ruby-psych.
Also, the tk module was disabled in order to avoid a possible similar
problem if tk+x11 is provided in openwrt build. It was currently not
build because of missing deps.
Other minor changes:
- win32* modules where disabled (avoid err msg, no compile changes)
- Some files where removed in 2.2.x (like gserver.rb). They were already
not packaged but generates a build warning message. Now removed from install.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
| |
This is a small ruby release, mainly to fix
CVE-2015-1855: Ruby OpenSSL Hostname Verification
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
For ruby changes since 2.2.0:
http://svn.ruby-lang.org/repos/ruby/tags/v2_2_1/ChangeLog
No relevant changes for OpenWRT.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For ruby changes since 2.1.x:
https://github.com/ruby/ruby/blob/v2_2_0/NEWS
Relevant changes for OpenWRT:
* all patches for ruby-core where merged upstream and
they are not needed anymore (only rdoc patch remains)
- PR for the rdoc github project was added to the patch header
(https://github.com/rdoc/rdoc/pull/340)
* new package ruby-powerassert for introduced new bundled gem power_assert
* new package ruby-unicodenormalize for Unicode normalization files
* removed ruby-dl as DL was removed after being deprecated
* ruby-{minitest,testunit} where removed from ruby library. Now they
are bundled gems
* test and sample files where removed from gems in order to save resources
and reduce pkgs dependencies
* script ruby_find_pkgsdeps was updated to match upstream changes
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Ruby 2.1.5 has been released.
This release includes a security fix for a DoS vulnerability of REXML.
It is similar to the fixed vulnerability in the previous release, but
new and different from it.
CVE-2014-8090: Another Denial of Service XML Expansion
And, some bug fixes are also included. See tickets and ChangeLog for details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ian Leonard <antonlacon@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This release includes security fixes for the following vulnerabilities:
* CVE-2014-8080: Denial of Service XML Expansion
* Changed default settings of ext/openssl related to CVE-2014-3566
And there are some bug-fixes.
Ref: https://www.ruby-lang.org/en/news/2014/10/27/ruby-2-1-4-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
| |
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
| |
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
| |
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ruby-core is problematic as it is too big.
It is impossible to fix pkgs dependencies as
ruby-core would generate multiple cycled dependencies
between packages.
Also, "core" in ruby context means "classes that does not need a 'require'".
This is not the case of ruby-core classes. They are, actually, a subset of
Ruby Standard Library.
In every detected case where a portion of ruby-core could be isolated and
save another pkgs from requiring all ruby-core where spin-off into a new
subset. Also, big portions of ruby-core, not require by current ruby-* pkgs
where spin-off in new pkgs. The remaining of ruby-core was put into a new ruby-misc.
ruby-stdlib was created as a meta package that requires all ruby packages that are
part of Ruby Standard Library. For a full Ruby Standard Library, just install
ruby-stdlib and its deps.
Created pkgs from ruby-stdlib:
- ruby-misc
- ruby-csv
- ruby-datetime
- ruby-dbm
- ruby-debuglib
- ruby-drb
- ruby-fiddle
- ruby-filelib
- ruby-logger
- ruby-math
- ruby-multithread
- ruby-mkmf
- ruby-net
- ruby-optparse
- ruby-patterns
- ruby-prettyprint
- ruby-pstore
- ruby-racc
- ruby-rbconfig
- ruby-rinda
- ruby-ripper
- ruby-sdbm
- ruby-shell
- ruby-socket
- ruby-uri
Some files from ruby-openssl where moved to new subpkgs (as ruby-net and ruby-drb).
All dependencies where redefined based on auxiliar script ruby_find_pkgsdeps
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|